05 M3 Firewall Technology


  • 7/31/2019 05 M3 Firewall Technology

    1/34

Firewall Technologies (Module 3)

Objectives

After completing this module, you will be able to:

• Define the term firewall, list the main types of firewalls, explain how each firewall technology fits in the OSI model, and describe how firewalls are used to protect a computer network.
• Explain how packet-filter gateway technology works and list the advantages and disadvantages of packet-filter technology.
• Explain how firewall servers are used to protect a network, describe where firewall servers are typically placed in the network infrastructure, and describe the typical firewall server configurations.
• Explain how application-level firewalls work.
• Explain how stateful-inspection firewalls work.
• Explain how circuit-level firewalls work.
• List the criteria you should use when evaluating a firewall product.
• List the general steps you would use to deploy a firewall.

    Rev. 0.11 3 1


    Compaq Security Solutions

    Overview of Firewall Technologies

[Figure: a Firewall between the Internal Network and the External Network (Internet)]

Firewalls are barriers created between trusted private networks and untrusted networks such as the Internet. Firewalls are used to:

• Examine all inbound and outbound traffic, allowing only authorized traffic to pass.
• Protect internal networks from external networks.
• Form a security barrier between parts of an organization.

The major objective of a firewall is to protect one network from another.

Firewalls are an important part of network security. Without a firewall, the possibility of security breaches from external and internal sources is greatly increased. To protect your network from attacks, installing and maintaining a firewall is an important part of network operations.

The term firewall has many uses and is therefore often confusing. Firewall can mean a specific hardware component, such as a firewall server, a packet-filtering router, or a security software package. Alternatively, it can refer to the complete collection of components which are used to form a barrier between a trusted and an untrusted network, which is how this term is used in this course. Individual components are referred to in specific terms, such as firewall server, packet-filtering router, and firewall software.


    What Is a Firewall?

In the simplest terms, a firewall is a set of components placed between two networks that have the following characteristics:

• All traffic from inside to outside, and outside to inside, must pass through the firewall.
• Only authorized traffic, as defined by the security policy, will be allowed to pass through the firewall.
• The firewall itself must be immune from penetration.

The objective of a firewall is to protect an internal (trusted) network from an external (untrusted) network. An untrusted network is one from which unwanted network intrusions can originate. The goal of your firewall should be to prevent unauthorized access to sensitive data, while allowing legitimate users to have unencumbered access to network resources.

Firewalls track and control data, deciding whether to pass, drop, reject, encrypt, or log the data. Firewalls ensure that data meets the rules of an enterprise's network security policy.

Important

A firewall cannot protect the network against malicious authorized users. Research indicates that most network attacks occur from within an organization. A firewall cannot protect connections that do not pass through the firewall.

The firewall is the main tool for implementing an organization's network security policy. In addition to a solid firewall strategy, a network will likely need solid authentication, security, and privacy enhancement techniques to enhance the network security or implement other aspects of the network security policy.


    Firewalls and the OSI Model

[Figure: the OSI model layers (Physical, Data Link, Network, Transport, Session, Presentation, Application) with Packet Filter Firewalls placed at the Network layer, Circuit-Level Gateways at the Session layer, and Application Firewalls at the Application layer]

The OSI model provides a detailed standard for describing a network. It is useful for describing how protocol suites, such as TCP/IP, handle network communications. The OSI model is used in this course to describe the features and functions of different types of security products.

Firewall vendors differentiate themselves through the implementation of their firewall products. The differentiation lies in the layer of the OSI model at which the firewall operates, and therefore where the packets are examined.


    Firewall Components

A single firewall system has several components:

• Software: Two types of software are at the core of a firewall system:
  • Application-level software controls network traffic at the application level, tracking entire transactions related to mail, web, or file transfer services.
  • Packet-filtering systems operate at the network level and examine each individual packet of data as it comes through the network, without regard to whether the packet is part of an approved application.
• Operating system: Many firewalls run on standard but hardened operating systems and include support for Microsoft Windows NT and UNIX. Some run on modified versions or completely proprietary operating systems.
• Computer hardware: Some firewall hardware is proprietary, but most use standard hardware.
• Network interfaces: Most firewalls are multi-homed, using separate network interface cards to create a physical separation between networks.

    Types of Firewalls

Firewalls can be categorized into the following types:

• Packet filter gateways
• Application-level firewalls
• Stateful inspection firewalls
• Circuit-level gateways


    Packet-Filter Gateways

[Figure: a Packet Filtering Gateway/Router between the Internal Network and the External Network (Internet)]

A packet-filter gateway can play an important role in implementing an enterprise security policy by providing a first line of defense against unwanted intrusion. By monitoring each packet destined for the internal network, the gateway can filter out potentially dangerous packets.

Also known as screening routers or packet filter routers, a packet-filter gateway is a router that selectively blocks and passes packets when routing them from one network to another. It distinguishes packets based on predefined parameters, such as the origination address or the port.

Packet-filter gateways can provide an inexpensive and useful level of gateway security. Typically, the filtering abilities come with the router software. Because you will likely need a router to connect to the Internet, there is no extra charge for this capability.

Packet-filtering technology is usually implemented through a router that has packet-filtering capabilities. (Most routers have packet-filtering technology.) As shown in the preceding graphic, a packet-filtering gateway is placed between an internal network and an external network such as the Internet.


    How Packet-Filtering Technology Works

[Figure: Server, Router, Workstation. The server and the workstation implement all seven OSI layers (Physical through Application); the packet-filtering router implements only the Physical, Data Link, and Network layers]

Packet filters work by distinguishing packets based on IP addresses or specific bit patterns, and most come with router software. They reside at the network level on the OSI model.

Packets are scanned and decisions about whether the packet should be allowed to pass are based on the fields within the packet. The scanned fields include the source IP address, destination IP address, TCP/UDP source port, and TCP/UDP destination port.

Packet filters enforce their rules in an order-based manner. Packets are passed or dropped based on their source or destination addresses or ports. In general, decisions are based only on the content of the packet. Depending on the type of the router, filtering might be done at input time, at output time, or both.

The network administrator makes an "allow" list of acceptable machines and services and a "deny" list of unacceptable machines and services. It is easy to permit or deny access at the host or network level with a packet filter. For example, you can permit any IP access between host A and B, or deny any access to B from any machine except A.


Most packet filter devices operate in the following manner:

1. Packet filter rules are created for the device by the administrator. The rules are stored in a specific order.
2. When a port receives a packet, the packet header is parsed. Most packet filter devices only examine the fields in the IP, TCP, or UDP headers. Some devices also filter on RIP, ICMP, and other layer 3 protocols.
3. The rules are applied to the packet in the order specified by the administrator.
4. If a rule blocks the transmission or reception of a packet, the packet is rejected.
5. If a rule allows the transmission or reception of a packet, the packet is allowed to pass.
6. If a packet does not satisfy any rule, it is blocked. (This rule follows the philosophy "that which is not expressly permitted is denied.")


    Advantages and Disadvantages

The advantages of packet filtering include:

• Cost: In most cases the technology is included with the router.
• Ease of Implementation: It is transparent to applications. No changes are required to client and host applications because it operates at the IP and TCP layers of the OSI model.
• Performance: It provides relatively fast throughput.

The disadvantages of packet filtering include:

• Limited Security: It does not screen above the network layer in the OSI model. Packet filters are incapable of providing communication-derived or application-derived state information. They cannot recognize the context of a given communication, which makes them more vulnerable to allowing unauthorized access to a network.
• Administration: It is difficult to configure, monitor, and manage. Without an in-depth knowledge of TCP and UDP port utilization, it is difficult to control access to individual services.
• Auditing: It does not provide logging and alerting mechanisms.
• Vulnerability: Packet-filtering systems are subject to IP spoofing attacks. They are unable to protect against application-level attacks and can be susceptible to sophisticated IP fragmentation and IP source routing attacks.
• Flexibility: Packet-filtering technology does not handle services well that involve random port numbers.
• Performance: As the number of rules on a packet filter router increases, performance is degraded.
• Order-dependent rules: Rules written for packet-filtering systems are highly order-dependent. If the rules are ordered incorrectly, unwanted connections might be allowed. Therefore, packet-filtering systems are subject to misconfiguration, and the likelihood of misconfiguration increases as rules are added.
• Exposure: Packet-filtering systems do not automatically hide network and system addresses from public view.
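As an added example (not part of the Compaq course material), the following Python models the six-step procedure from the previous page and the order-dependence warning above: a first-match walk over an ordered rule list with a default deny, applied to a constructed policy in both a correct and a misordered form. The Packet and Rule classes, the CIDR rule syntax, and the sample policy are assumptions; the Packet object stands in for the header fields parsed in step 2, and the two host addresses are borrowed from the firewall placement figure later in this module.

```python
"""Ordered, first-match packet filter with a default-deny fallthrough.

Added example, not code from the Compaq course material.  The Packet
dataclass stands in for the header fields parsed in step 2; the rule
syntax and the sample policy are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """The fields a packet filter actually sees: IP header plus L4 ports."""
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; 0.0.0.0/0 matches any address
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """Steps 3 to 6: walk the rules in the administrator's order; the first
    rule that matches decides; a packet matching no rule is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # "that which is not expressly permitted is denied"


# Sample addresses, borrowed from the placement figure in this module.
HOST_A = "10.10.10.10"
HOST_B = "10.10.10.5"

# Intended policy: A may reach B on any port; anyone else may reach B on
# any port except telnet (tcp/23).  Deny-before-allow gives that result.
CORRECT_ORDER = [
    Rule("allow", src=HOST_A + "/32", dst=HOST_B + "/32"),
    Rule("deny", dst=HOST_B + "/32", proto="tcp", dport=23),
    Rule("allow", dst=HOST_B + "/32"),
]

# The same three rules, but the general allow now precedes the telnet
# deny, so the deny is never reached and an unwanted connection passes.
MISORDERED = [CORRECT_ORDER[0], CORRECT_ORDER[2], CORRECT_ORDER[1]]


def decisions(rules: List[Rule], packets: List[Packet]) -> List[str]:
    """Evaluate a batch of packets against one rule set."""
    return [filter_packet(rules, p) for p in packets]


if __name__ == "__main__":
    telnet_from_outside = Packet("192.0.2.7", HOST_B, "tcp", 23)
    print("correct order:", filter_packet(CORRECT_ORDER, telnet_from_outside))
    print("misordered:   ", filter_packet(MISORDERED, telnet_from_outside))
```

Running the block shows the same packet denied under the correct order and allowed under the misordered one; nothing in the packet changed, only the rule position did, which is why rule reviews on a packet filter have to consider position as well as content.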


    Packet Filtering Summary

In summary, packet-filter gateways are often used as the first line of defense against an untrusted network. Packet filtering provides an efficient way to control network traffic.

However, packet-filtering technologies do not address many security requirements because they have incomplete information to work with. Only network and transport layer information, such as IP addresses, port numbers, and TCP flags, is available for filtering decisions.

Most security policies require a finer degree of control than that allowed by packet-filter gateways. In most cases, the security policy will require the ability to define access to specific services for hosts that are otherwise untrusted. For example, you might want to allow any host to connect to machine A, but only to send or receive mail. Other services might not be permitted. Although packet filtering will allow some control at this level, it is a risky and error-prone process. To do it correctly, you must have intimate knowledge of TCP and UDP port utilization on various operating systems.

Packet-filtering devices such as screening routers are often augmented by other devices, such as firewall applications running on dedicated firewall servers.


    Application-Level Firewalls

[Figure: Server, application-level firewall, and Workstation, each implementing all seven OSI layers (Physical through Application); the firewall's Application layer runs HTTP, Telnet, and FTP proxies]

Application-level gateways (firewalls) are programmed to recognize the network traffic at the user application level of the OSI model. They can therefore provide access controls at a user level and application-protocol level.

Application-level firewalls improve on security by examining all application layers, bringing context information into the decision process. Technically, this is accomplished by breaking the traditional client/server model because each client/server connection requires two connections:

• One from the client to the firewall
• One from the firewall to the server

This process is known as proxying a connection.

An application-level firewall provides a set of application-specific security proxies that evaluate all attempts to pass data into and out of the protected network. A proxy is a unique application that forwards and filters connections for services such as TELNET, FTP, and HTTP. The host computer running the proxy service or services is known as an application gateway.

This type of firewall allows for the evaluation of each connection rather than each packet. Packets are only allowed to pass for an existing proxy with an established and authorized network connection. This also prevents other untrusted services from being implemented without the firewall administrator's knowledge.


Protocols can also be filtered. For example, the FTP proxy might allow FTP GET connections, but deny the use of the FTP PUT command. Application-level gateways also include information hiding (or address translation), authentication, and logging.
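An added example, not code from the Compaq course material: the control-channel decision logic of an FTP proxy in Python, implementing the GET-allowed, PUT-denied policy just described together with the logging the paragraph mentions. RETR and STOR are the protocol commands an FTP client sends for get and put; the policy table, the reply texts, and the sample commands are assumptions.

```python
"""Control-channel command filter for an FTP application proxy.

Added example, not code from the Compaq course.  The policy table, the
reply texts and the sample session are assumptions.  RETR is the protocol
command behind an FTP client's "get", STOR the one behind "put".
"""
from typing import Dict, List, Tuple

# Explicit allow list: anything not listed is refused, matching the
# application-level stance "no traffic allowed unless explicitly allowed".
READ_ONLY_POLICY: Dict[str, bool] = {
    "USER": True, "PASS": True, "PWD": True, "CWD": True, "TYPE": True,
    "PASV": True, "LIST": True, "NLST": True, "RETR": True, "QUIT": True,
    # Write commands are listed only for documentation; leaving them out
    # would deny them just the same.
    "STOR": False, "STOU": False, "APPE": False, "DELE": False,
    "RNFR": False, "RNTO": False, "MKD": False, "RMD": False,
}


class FtpCommandProxy:
    def __init__(self, policy: Dict[str, bool]):
        self.policy = policy
        self.audit: List[Tuple[str, str]] = []   # (verb, decision) per command

    @staticmethod
    def parse(line: str) -> Tuple[str, str]:
        """Split 'VERB argument\\r\\n' into (VERB, argument)."""
        line = line.rstrip("\r\n")
        verb, _, arg = line.partition(" ")
        return verb.upper(), arg

    def handle(self, line: str) -> Tuple[bool, str]:
        """Decide one client command.  Returns (forward, reply): forward is
        True when the command may go on to the real server; otherwise reply
        is the FTP-style error the proxy itself sends back to the client."""
        verb, arg = self.parse(line)
        # Because the proxy speaks the protocol it can refuse malformed
        # input (control characters, non-ASCII) before the server sees it.
        well_formed = verb.isalpha() and all(32 <= ord(c) < 127 for c in arg)
        allowed = well_formed and self.policy.get(verb, False)
        self.audit.append((verb, "allow" if allowed else "deny"))
        if allowed:
            return True, ""
        if not well_formed:
            return False, "500 Syntax error, command unrecognized.\r\n"
        return False, f"550 {verb} not permitted by proxy policy.\r\n"

    def session(self, lines: List[str]) -> List[str]:
        """Run a whole client session, returning the decision per line."""
        return ["forward" if self.handle(l)[0] else "refuse" for l in lines]


if __name__ == "__main__":
    proxy = FtpCommandProxy(READ_ONLY_POLICY)
    for cmd in ["USER alice\r\n", "RETR report.pdf\r\n", "STOR upload.bin\r\n"]:
        print(cmd.strip(), "->", proxy.handle(cmd))
    print(proxy.audit)
```

A complete proxy also has to relay the server's replies and the separate data connection negotiated with PASV or PORT; this block shows only the policy decision on the control channel, which is where the GET-versus-PUT distinction is enforced.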

Although application-layer firewalls are more secure than packet-filter routers, they tend to perform slower than their counterparts working at other OSI levels.

For each application that is relayed, application-level gateways use special-purpose code. Because of this special-purpose code, application-level firewalls provide a high level of security. For each new type of application added to the network that requires protection, new special-purpose code must be written. Therefore, most application-level gateways provide a limited subset of basic applications and services.


    Advantages and Disadvantages

The main advantages of application-layer firewalls include:

• No worry about interactions between different sets of filter rules
• The ability to log and control all incoming and outgoing traffic
• Good security
• Full application-layer awareness

Disadvantages include:

• Each service requires its own application layer gateway. A specialized user program or variant user interface is required for most services provided.
• The implementation at the application layer might be detrimental to performance.
• Proxies cannot provide for UDP, RPC, and other services from common protocol families.
• Most proxies are not transparent.
• The firewall is vulnerable to operating system and application level bugs.
• Information contained in lower layers of the OSI model is overlooked.

Email is often passed through an application-level gateway, regardless of the technologies used to implement the rest of the overall firewall structure. Application gateways are often used in conjunction with other gateway designs, packet filters, and circuit-level relays.


    Application-Level Firewalls Compared to Packet Filters

[Figure: Packet Filter versus Application-Level Firewall. Packet filter: packets from inside the network are passed outside unchanged, which makes a packet filter susceptible to spoofing. Application-level firewall: packets passed through the firewall are rewritten with the firewall's IP address, so all internal IP addresses are completely hidden.]

The following table provides a comparison of packet filter and application-level technologies.

    Packet Filter                                 | Application-Level Firewall
    ----------------------------------------------|---------------------------------------------------------------------
    All packets compared to a list of rules       | All network traffic forced to the application level for authorization
    All packets allowed unless explicitly denied  | No traffic allowed through unless explicitly allowed
    No authentication of users                    | User and service authentication (ability to examine data and state)
    Minimal logging                               | Extensive logging


    Stateful-Inspection Firewalls

[Figure: the OSI model layers (Physical through Application) beside Stateful Inspection Firewalls]

Stateful-inspection firewalls analyze all protocol layers and compare current sessions to previous sessions to detect suspicious activity.

Stateful-inspection firewalls reside below the network layer, at the lowest software level. All packets are intercepted and analyzed before they reach the operating system. Stateful-inspection firewalls do not depend on predefined application information (proxies), but instead use business rules defined by the user.

State information, derived from past communications and other applications, is a key factor in making the control decision for new communication attempts.
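An added example, not from the Compaq course material: a minimal TCP connection-tracking check in Python that shows how the state information described above changes a decision. A packet from outside is allowed only when it answers a connection the firewall has already recorded, which is exactly what a stateless packet filter cannot know. The internal network, the permitted outbound ports, the state names, and the sample segments are assumptions.

```python
"""Connection-tracking ("stateful") check for TCP.

Added example, not code from the Compaq course.  The internal network,
the permitted outbound ports, the state names and the sample segments
are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, Iterable, Optional, Tuple


@dataclass(frozen=True)
class Segment:
    """The header fields the inspection engine keys on."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]        # subset of {"SYN", "ACK", "FIN", "RST"}


Key = Tuple[str, int, str, int]  # (src, sport, dst, dport) of the initiator


class StatefulFirewall:
    """New connections are accepted only from inside to permitted ports;
    packets in the other direction pass only when they match a tracked
    connection (the state information the text describes)."""

    def __init__(self, internal_net: str, allowed_ports: Iterable[int]):
        self.internal = ip_network(internal_net)
        self.allowed_ports = set(allowed_ports)
        self.table: Dict[Key, str] = {}      # initiator 4-tuple -> state

    def _inside(self, ip: str) -> bool:
        return ip_address(ip) in self.internal

    def state_of(self, key: Key) -> Optional[str]:
        return self.table.get(key)

    def check(self, seg: Segment) -> str:
        fwd: Key = (seg.src, seg.sport, seg.dst, seg.dport)
        rev: Key = (seg.dst, seg.dport, seg.src, seg.sport)

        if rev in self.table:                      # reply to a tracked flow
            if "RST" in seg.flags:
                del self.table[rev]
            elif self.table[rev] == "SYN_SENT" and {"SYN", "ACK"} <= seg.flags:
                self.table[rev] = "ESTABLISHED"
            return "allow"

        if fwd in self.table:                      # more data from initiator
            if "RST" in seg.flags:
                del self.table[fwd]
            return "allow"

        # Nothing tracked: only a bare SYN from inside to a permitted port
        # may open a new entry.  A lone ACK arriving from outside, which a
        # stateless "established" flag check would accept, ends up here
        # and is denied.
        if (seg.flags == frozenset({"SYN"}) and self._inside(seg.src)
                and not self._inside(seg.dst)
                and seg.dport in self.allowed_ports):
            self.table[fwd] = "SYN_SENT"
            return "allow"
        return "deny"


if __name__ == "__main__":
    fw = StatefulFirewall("10.10.10.0/24", [80, 443])
    print(fw.check(Segment("10.10.10.10", 40000, "198.51.100.20", 80, frozenset({"SYN"}))))
    print(fw.check(Segment("198.51.100.20", 80, "10.10.10.10", 40000, frozenset({"SYN", "ACK"}))))
    print(fw.check(Segment("198.51.100.20", 80, "10.10.10.10", 40001, frozenset({"ACK"}))))
    print(fw.table)
```

The table lookup on every packet is the cost the disadvantages list on the next page refers to: the per-packet work grows with the number of open connections, and entries must eventually be expired (on RST here; a production engine also ages them out on a timer, which this example omits).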


    Advantages and Disadvantages

The advantages of stateful-inspection technology include:

• Good security
• Full application-layer awareness
• High performance
• Scalability
• Extensibility
• Transparency

The disadvantages of stateful-inspection technology include:

• IP-level controls do not offer protection against application-level attacks.
• Evaluation and logging of each packet against a list of open connections can be CPU-intensive and can result in degradation of network traffic through the firewall.
• Rules are highly order-dependent and can be difficult to configure.


    Circuit-Level Firewalls

A circuit-level gateway (also known as a circuit-level proxy) relays TCP connections. It operates at the session level only. Incoming traffic connects to a TCP port on the gateway and the gateway then relays the connections to their destination.

After a session has been established, the firewall might allow any type of traffic to pass through. No extra processing or filtering of the protocol occurs. The relay services do not examine the bytes that flow through them.

Secure circuit-level gateways include controls such as time limits on the connection, a list of users allowed to access the port, and user authentication.

Some circuit-level gateways distinguish what packets to pass by checking them against a memory-resident database to verify their validity. They might also provide protection for some common types of attacks, such as DNS and FTP attacks and IP address spoofing. Some circuit-level gateways can also perform network address translation.

Because circuit-level gateways operate at the session level, they can allow any kind of traffic once a session has been established. This is the main disadvantage of circuit-level gateways.


    Introduction to Firewall Servers

[Figure: a Firewall Server between the Internal Network and the External Network (Internet)]

Firewall servers are widely used to give users access to the Internet in a secure fashion, as well as to separate a company's public web server from its internal network.

Firewall servers are also used to keep internal network segments more secure. A firewall server lets authorized communication travel freely between internal and external networks.

A firewall server controls all traffic traveling between two networks and examines content as it comes through. Content is examined based on rules that specify the actions for the firewall to take on every packet it receives.


    Firewall Server Placement

[Figure: firewall servers placed at several points in one network. Internet; Router (IP 130.210.30.1); Staging segment with Staging Server (IP 11.11.11.5) and Management Console (IP 11.11.11.12); Production segment with Production Server (IP 122.201.55.5) and Management Console (IP 122.201.55.12); Intranet segment with Departmental Web Server (IP 10.10.10.5), Management Console (IP 10.10.10.12) and Content Creation Client (IP 10.10.10.10); a Firewall in front of each segment]

The preceding graphic illustrates that firewall servers can be located in various places throughout the network.

Typically, firewall servers are placed between an organization and the outside world. However, firewalls can be used internally to isolate certain network segments.


    Firewall Server Configurations

[Figure: a Dual-Homed Host Firewall between the Internal Network and the Internet]

The term multi-homed host describes a host computer that has multiple NICs. Usually, each NIC is connected to a separate network or network segment. This multi-homed host can route traffic between the network segments, functioning in a router capacity.

If the routing function in the multi-homed host is disabled, the host can provide network traffic isolation between the networks it connects to and yet each network will be able to process applications on the host. If the applications permit, the networks can share data.

Consider two firewall configurations:

• A dual-homed firewall system
• A tri-homed firewall system


    Dual-Homed Firewall Configuration

[Figure: a Firewall with two NICs, one attached to the Internal Network and one to the Internet]

A dual-homed host architecture is built around the dual-homed host computer, which is a computer that has at least two network interfaces. This host can act as a router between the networks these interfaces are attached to. It is capable of routing IP packets from one network to another.

A dual-homed firewall contains two network interfaces. One of these interfaces is attached to a trusted network. The other interface is attached to an untrusted network, such as the Internet.

Note

An exposed gateway or firewall machine is often called a bastion host. A bastion host is any firewall host that is critical to network security. The bastion host gets its name from the highly fortified projections on the outer walls of medieval castles.

The dual-homed host is the basic configuration used in firewalls. To implement a dual-homed host architecture, disable the routing function. IP packets from one network (for example, the Internet) are not directly routed to the other network. Systems inside the firewall and outside the firewall can communicate with the dual-homed host, but these systems cannot communicate directly with each other. IP traffic between them is completely blocked. The only path between the networks is through an application layer function. If the routing is accidentally misconfigured so that IP forwarding is enabled, it is possible for the application layer functions of the dual-homed firewall to be bypassed.


    Security Risks with a Dual-Homed Firewall

Because the firewall server is exposed to the Internet and is a main point of contact for internal network users, it is vulnerable to attack and therefore must be highly secured.

The biggest threat to a dual-homed firewall is direct login access to the dual-homed host. If direct login at the host occurs, the intruder can reconfigure the host. Logins from external networks should require strong authentication.

Important

If users are allowed to log in to the firewall machine directly, the firewall security can be compromised.

The only access to the firewall host itself should be through either the console or secure remote access. To prevent circumvention of the firewall, no user accounts should be permitted on the system.

To protect the dual-homed host, consider taking the following precautions:

• Remove programming tools such as compilers.
• Use disk partitions so that an intrusion to fill all disk space on the partition will be confined to that partition.
• Remove unneeded system and special accounts.
• Delete unneeded network services.


    Tri-Homed Firewall Configuration

[Figure: tri-homed configuration. Intranet; Firewall Server; DMZ containing a Web Server, an FTP Server, and a Mail Server; two Routers; External Network; Internet]

A tri-homed firewall contains three network interfaces. The third network interface creates a DMZ (demilitarized zone) that stands between the private and hostile networks.

Typically, the DMZ will contain hosts whose information is less critical if compromised. The private network houses hosts whose information is most critical, and will probably be accessed only by other internal hosts.


    Multiple Firewall Configuration

[Figure: two-layered configuration. Intranet; inner Firewall; DMZ containing the Web Server; outer Firewall; Router; External Network; Internet]

Many sites that perform e-commerce or other types of customer transactions use a two-layered firewall approach.

In this configuration, the web server is on a protected, outside network that is isolated from the main corporate network. This type of network is referred to as a DMZ network. The advantage of a DMZ configuration is that if the web server outside is compromised, it does not provide a foothold for attacking the protected network.


    Firewall Server Behind a Packet-Filtering Router

[Figure: Internal Network; Firewall Server; Packet Filtering Gateway/Router; External Network; Internet]

A common strategy is to place a packet-filtering router between a firewall server and the untrusted network, which introduces another line of defense. In this configuration, you configure the packet-filtering router so that it sends all network traffic to the firewall server after applying its filter rules to the network traffic. Only traffic that passes the filter rules is diverted to the firewall server. All other traffic is rejected. An intruder must first penetrate the packet-filtering router before contending with the firewall server.


The path of network traffic as applied to the OSI model is illustrated as follows:

[Figure: traffic from the External Network passes first through the Packet-Filter Router, which implements only the Physical, Data Link, and Network layers, and then through the Firewall, which implements all seven layers (Physical through Application), before reaching the Internal Network]


    Evaluating Firewalls

When evaluating firewall implementations, at a minimum the implementation should include the following features:

• Authentication
• Protection from common attacks
• Activity logging
• Rules

Additional firewall features might include:

• Alerting
• Suspicious activity monitoring
• Virtual private networking
• URL/news blocking
• Code scanning and virus scanning
• Address translation


    Authentication

Authentication is the process of determining that a user is who he or she claims to be. This might be a user logging on to a machine or one host machine communicating with another host machine.

Several types of authentication exist. The types of authentication measures you take will be based on the importance of the resource you are trying to protect. A firewall should provide authentication services so only specific users can enter.

Authentication can be either weak or strong. Weak authentication allows the same password to be used repeatedly and is more typically associated with internal users accessing the Internet. Strong authentication uses a different password every time and is best for external users accessing the intranet.

For users accessing a particular device, your authentication options (in order of complexity and security) include:

• Passwords
• One-time passwords
• Smart cards
• Biometrics
• Cryptography
• Authorization
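An added example, not from the Compaq course material: a Python implementation of one-time passwords derived from a hash chain (the Lamport / S/KEY scheme), which makes concrete why strong authentication "uses a different password every time" and why a password captured on the wire is useless to replay. The verifier stores only the current chain anchor, never the secret. SHA-256 as the hash, the chain length, and the sample secret are assumptions.

```python
"""One-time passwords from a hash chain (the Lamport / S/KEY scheme).

Added example, not code from the Compaq course.  SHA-256 as the hash,
the chain length and the sample secret are assumptions.
"""
import hashlib
import hmac
from typing import List, Tuple


def _h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def make_chain(secret: bytes, n: int) -> List[bytes]:
    """chain[i] = h^i(secret).  chain[n] is given to the verifier at enrolment;
    the secret itself never leaves the client."""
    chain = [secret]
    for _ in range(n):
        chain.append(_h(chain[-1]))
    return chain


class OtpVerifier:
    """Server side.  Holds the current anchor h^k(secret).  A submitted
    password p is valid iff h(p) == anchor; p then becomes the new anchor,
    so the same value can never be accepted twice."""

    def __init__(self, anchor: bytes, uses: int):
        self.anchor = anchor
        self.remaining = uses

    def verify(self, password: bytes) -> bool:
        if self.remaining <= 0:
            return False                      # chain exhausted: re-enrol
        if not hmac.compare_digest(_h(password), self.anchor):
            return False                      # wrong value, or a replay
        self.anchor = password
        self.remaining -= 1
        return True


class OtpClient:
    """User side.  Walks the chain backwards: h^(n-1), h^(n-2), ..., so each
    login sends a different value, and because h is one-way an observer
    who sees h^k cannot compute the next password h^(k-1)."""

    def __init__(self, secret: bytes, n: int):
        self.chain = make_chain(secret, n)
        self.next_index = n - 1

    def next_password(self) -> bytes:
        if self.next_index < 0:
            raise RuntimeError("chain exhausted; enrol a new chain")
        pw = self.chain[self.next_index]
        self.next_index -= 1
        return pw


def enrol(secret: bytes, n: int) -> Tuple[OtpClient, OtpVerifier]:
    """Set up a client and the matching verifier for n logins."""
    client = OtpClient(secret, n)
    return client, OtpVerifier(client.chain[n], uses=n)


if __name__ == "__main__":
    client, server = enrol(b"constructed-demo-secret", 5)   # sample secret
    first = client.next_password()
    print("first login:", server.verify(first))
    print("replay of the same password:", server.verify(first))
    print("second login:", server.verify(client.next_password()))
```

Contrast this with the weak case described above, where the same static password is accepted on every login: a single capture of that password grants indefinite access, whereas here a captured value has already been consumed by the time an attacker could present it.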


    Protection from Common Attacks

Most firewalls protect against common Internet attacks that occur at the network
level, such as IP spoofing, SYN flood, or the Ping of Death. Attacks that occur at
the application level, such as buffer overruns, specific application commands, and
the filtering of URLs, can only be prevented by application-level firewalls, which
examine the application data streams. Packet-filtering firewalls cannot prevent these
attacks because they inspect individual packet headers and therefore see only parts
of the stream, never the reassembled application payload.

The International Computer Security Association (ICSA) is an independent body
that certifies firewalls for minimum functionality.

For more information about ICSA, refer to www.icsa.net.

To receive certification, a product must resist all common attacks in accordance with
these criteria:

No measure of administrative control of the firewall or underlying operating
system may become available to the attacker.

Protocol or data content other than TELNET, FTP, HTTP, SSL/SHTTP,
SMTP, and DNS must not be passed through the firewall and be carried on the
internal network.

The product must not be trivially rendered inoperable by network-based denial
of service attacks, with these exceptions:

The product must have a documented fail-safe mechanism for removing
itself from service according to a declared policy.

If a denial of service attack is widely recognized as having no defense,
the product must provide a log-based alert prior to failing.


    Activity Logging

A firewall should provide a log of each request it receives. At a minimum, the entry
will include the source of the request, the destination, the protocol, a time stamp,
and the result of the request (whether it was accepted or denied).

Of primary concern is the readability of the logs, the ability to scan or query the
logs, and the ability to compress the logs. For the greatest security, place the log file
on a separate drive partition or machine: a log on its own partition cannot fill the
system disk and stop the firewall, and a log on a separate machine cannot be erased
by an attacker who compromises the firewall itself.

Examining the log can reveal whether the firewall is withstanding probes and
attacks, and whether the controls on the firewall are adequate.
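An added example, not from the module: a small Python parser for log entries carrying exactly the five fields the text lists (time stamp, source, destination, protocol, result), followed by the kind of query the last paragraph describes, a check for sources probing many ports that the firewall denied. The line format and the sample entries are constructed for this example; real firewall logs use vendor-specific formats, so only the parsing function would change.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log in an assumed format: "timestamp src:port dst:port proto result".
# 203.0.113.9 sweeps six denied ports within a few seconds; the others are normal traffic.
SAMPLE_LOG = """\
2001-03-02T10:15:01 203.0.113.5:41000 198.51.100.10:80 tcp ACCEPT
2001-03-02T10:15:02 203.0.113.5:41001 198.51.100.10:25 tcp ACCEPT
2001-03-02T10:15:03 203.0.113.9:50000 198.51.100.10:21 tcp DENY
2001-03-02T10:15:03 203.0.113.9:50001 198.51.100.10:22 tcp DENY
2001-03-02T10:15:03 203.0.113.9:50002 198.51.100.10:23 tcp DENY
2001-03-02T10:15:04 203.0.113.9:50003 198.51.100.10:139 tcp DENY
2001-03-02T10:15:04 203.0.113.9:50004 198.51.100.10:445 tcp DENY
2001-03-02T10:15:05 203.0.113.9:50005 198.51.100.10:3389 tcp DENY
2001-03-02T10:15:09 203.0.113.7:44444 198.51.100.10:80 tcp ACCEPT
2001-03-02T10:15:10 203.0.113.7:44445 198.51.100.10:8080 tcp DENY
"""


def parse_line(line: str) -> dict:
    """Split one entry into the five minimum fields the module requires."""
    ts, src, dst, proto, result = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "ts": datetime.fromisoformat(ts),
        "src": src_ip, "sport": int(src_port),
        "dst": dst_ip, "dport": int(dst_port),
        "proto": proto, "result": result,
    }


def parse_log(text: str) -> list:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def deny_summary(entries: list) -> dict:
    """Denied requests per source address: the first thing to scan for."""
    counts = defaultdict(int)
    for e in entries:
        if e["result"] == "DENY":
            counts[e["src"]] += 1
    return dict(counts)


def find_port_probes(entries: list, min_ports: int = 5, window_seconds: int = 60) -> dict:
    """Flag sources whose denied requests touch >= min_ports distinct destination
    ports within window_seconds, i.e. a port sweep the firewall withstood.
    Returns {source: sorted list of probed ports}."""
    by_src = defaultdict(list)
    for e in entries:
        if e["result"] == "DENY":
            by_src[e["src"]].append(e)
    findings = {}
    for src, denies in by_src.items():
        denies.sort(key=lambda e: e["ts"])
        for i, first in enumerate(denies):          # sliding window over time
            ports = set()
            for e in denies[i:]:
                if (e["ts"] - first["ts"]).total_seconds() > window_seconds:
                    break
                ports.add((e["dst"], e["dport"]))
            if len(ports) >= min_ports:
                findings[src] = sorted(port for _, port in ports)
                break
    return findings


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("denies per source:", deny_summary(entries))
    for src, ports in find_port_probes(entries).items():
        print(f"probe from {src}: ports {ports}")
```

A single denied request from 203.0.113.7 is ordinary noise; six distinct ports from one source in two seconds is a probe. Running this against yesterday's log answers the module's question directly: the firewall withstood the sweep, and no accepted entry from that source appears.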

    Rules

Usually a firewall determines what traffic may pass through by applying rules.
These rules express the security policy to the firewall in one of two ways:

That which is not expressly permitted is prohibited (default deny).

That which is not expressly prohibited is permitted (default allow).

The first is the safer choice: a service nobody wrote a rule for fails closed rather
than open.


    Additional Features

Additional features to consider, depending on your organization's needs,
include:

Alerting The firewall alerts the administrator when an attack occurs.

Suspicious activity monitoring The firewall detects unusual activity and
alerts the administrator. In some cases, the administrator might be able to
define the activities that are considered suspicious.

Virtual private networking The firewall provides the ability to establish
secure, private communication with another network through the Internet.
VPNs use encryption and encapsulation technology to create a private
passageway, or tunnel, through the Internet.

URL/news blocking The firewall provides the ability to restrict
information that is not appropriate for a business environment.

Code scanning and virus scanning The firewall provides the ability to
scan for malicious code or viruses being introduced into the private network
from the Internet.

Address translation On many networks, it is necessary to hide internal
network addresses from external users to make internal nodes less vulnerable
to attack. This also allows the internal network to use IP addresses
indiscriminately. From the outside, it looks as if the network has only one
or just a few IP addresses.


    Firewall Deployment Procedures

To deploy a firewall, you should use the following general steps:

1. Create a security policy that defines what, why, and how computing resources
are to be protected. This includes well-defined access rules such as:

Allow inside users access to the Internet using web protocols (HTTP).

Allow email traffic in both directions using Internet mail protocols
(SMTP).

Allow inside users to access Internet servers using FTP.

Deny all other access.

2. Choose the right firewall components to enforce the security policy. The
firewall system must be capable of supporting the access rules you defined.

3. Reconfigure the network's domain name system (DNS) to accommodate the
placement of the firewall.

4. Configure the firewall's access rules, logging, notification, and address
translation features to match the security policy. Some firewalls can be plugged
in with little configuration.

5. Perform a security scan against the firewall system. In other words, try to
invade your own network. Some scanning tools, such as ISS and SATAN, try to
break into the firewall host itself, not through it. Other tools try to break through
a firewall. Use both kinds.

After you have a firewall in place, perform periodic security scans and audits to
ensure continuous firewall integrity.
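As an added example that serves both the Rules section above and step 1 of this procedure (it is not code from the module), the following Python encodes the four access rules from step 1 as an ordered list and evaluates new-connection requests against them under each of the two policy styles. The Packet and Rule types and the first-match semantics are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """A new-connection request as the filter sees it (assumed shape for this example)."""
    direction: str  # "out" = inside to Internet, "in" = Internet to inside
    proto: str      # "tcp" or "udp"
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    """One access rule; a None field is a wildcard that matches any value."""
    action: str                     # "allow" or "deny"
    direction: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.direction is None or self.direction == p.direction)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


# The access rules from step 1, as an ordered list (first match wins).
POLICY: List[Rule] = [
    Rule("allow", direction="out", proto="tcp", dport=80),  # inside users to the web (HTTP)
    Rule("allow", direction="out", proto="tcp", dport=25),  # mail out (SMTP)
    Rule("allow", direction="in", proto="tcp", dport=25),   # mail in (SMTP)
    Rule("allow", direction="out", proto="tcp", dport=21),  # inside users to FTP servers
]


def decide(packet: Packet, rules: List[Rule], default: str = "deny") -> str:
    """Return the action of the first matching rule, or the policy default.

    default="deny": what is not expressly permitted is prohibited.
    default="allow": what is not expressly prohibited is permitted.
    """
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default


def compare_defaults(packet: Packet, rules: List[Rule] = POLICY) -> dict:
    """Show how the two policy styles treat the same packet."""
    return {
        "default_deny": decide(packet, rules, "deny"),
        "default_allow": decide(packet, rules, "allow"),
    }


if __name__ == "__main__":
    probes = [
        Packet("out", "tcp", 80),   # permitted web browsing
        Packet("in", "tcp", 25),    # permitted inbound mail
        Packet("in", "tcp", 23),    # inbound telnet: no rule mentions it
        Packet("out", "udp", 53),   # outbound DNS: no rule mentions it either
    ]
    for p in probes:
        print(p, compare_defaults(p))
```

With default deny, inbound Telnet matches no rule and is dropped; with default allow, the same request passes because nobody thought to forbid it. The DNS probe shows the cost of the safer style: the four rules in step 1 say nothing about DNS, so under default deny name resolution fails until the policy is written completely. Note also that a stateless packet filter needs explicit rules for the return traffic of each allowed connection (for example inbound TCP from source port 80), whereas a stateful-inspection firewall derives those from its connection table.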


    Review Questions

1. List the main types of firewalls.

2. Describe how packet-filtering gateways work.

3. Briefly explain how application-level firewalls work.

4. Briefly explain how stateful inspection firewalls work.

5. Briefly explain how circuit-level firewalls work.

6. Describe how a DMZ is created with a firewall server.


7. What is the advantage of placing a firewall server behind a packet filtering
gateway?

8. What key features would you evaluate when deciding upon a firewall solution?

9. List the general steps you would follow to deploy a firewall.